  • DocumentCode
    1958254
  • Title
    External Insider Threat: A Real Security Challenge in Enterprise Value Webs
  • Author
    Franqueira, Virginia N L ; van Cleeff, A. ; van Eck, Pascal ; Wieringa, Roel
  • Author_Institution
    Univ. of Twente, Enschede, Netherlands
  • fYear
    2010
  • fDate
    15-18 Feb. 2010
  • Firstpage
    446
  • Lastpage
    453
  • Abstract
    Increasingly, organizations collaborate with other organizations in value webs with various arrangements, such as outsourcing, partnering, joint ventures, or subcontracting. As the Jericho Forum (an industry consortium of the Open Group) observed, in all these forms of collaboration, the boundaries between organizations become permeable and, as a consequence, insiders and outsiders can no longer be neatly separated using the notion of a perimeter. Such organizational arrangements have security implications because individuals from the value web are neither outsiders nor completely insiders. To address this phenomenon this paper proposes a third set of individuals, called External Insiders. External insiders add challenges to the already known insider threat problem because, unlike outsiders, external insiders have granted access and are trusted; and, unlike traditional insiders, external insiders are not subjected to as many internal controls enforced by the organization for which they are external insiders. In fact, external insiders are part of two or more organizational control structures, and business-to-business contracts are often insufficiently detailed to establish security requirements at the level of granularity needed to counter the threat they pose.
  • Keywords
    electronic commerce; security of data; Jericho Forum; business-to-business contracts; enterprise value webs; external insider threat; joint ventures; organizational arrangements; outsourcing; partnering; security challenge; subcontracting; Asset management; Availability; Contracts; Counting circuits; Government; ISO standards; International collaboration; Outsourcing; Security; Subcontracting; B2B contract; Enterprise Network; Extended Enterprise; Risk Management; Security Metrics;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability, and Security, 2010. ARES '10 International Conference on
  • Conference_Location
    Krakow
  • Print_ISBN
    978-1-4244-5879-0
  • Type
    conf
  • DOI
    10.1109/ARES.2010.40
  • Filename
    5438055